On 3/12/21 6:50 AM, Björn Persson wrote:
If both client and server are OpenSSH 7.2 or later, and an ssh-rsa key is involved, then one of the newer signature schemes rsa-sha2-256 and rsa-sha2-512 will be used, and you won't have any trouble.
Unless it's OpenSSH server 7.4 (as in Debian 9). Fedora's ssh client includes a patch to fix that, though. (bz#1881301)
At least that's how I understand it. It's very confusing, because users usually only see "ssh-rsa" as a key type, but the release notes assume that the reader knows about signature schemes in the SSH protocol. Inconsistent terminology certainly doesn't help. The release notes seem to use "signature scheme" and "signature algorithm" interchangeably, and the manual uses "host key algorithms" and "key types" when it seems to actually be talking about signature schemes.
The 8.5 release last week includes a change renaming PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms and HostbasedKeyTypes/HostbasedAcceptedKeyTypes to HostbasedAcceptedAlgorithms, which I think is an improvement, there.
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
